[root@node conf.d]# cat /etc/logstash/conf.d/logstash.conf
# Logstash pipeline: read the local system log and write gzip-compressed
# copies of the events to files on disk.
input {
  # The account Logstash runs as must be able to read this file; without
  # access the file input only logs a "failed to open ... Permission denied"
  # warning.
  # NOTE(review): this input only needs read access - a read-only grant
  # (group membership or an ACL entry) is narrower than making the service
  # account the owner of the system log.
  file {
    path => "/var/log/messages"
  }
}

output {
  # One archive per hour: %{+YYYY-MM-dd-HH} is filled from the event
  # timestamp, which Logstash renders in UTC, so the hour in the file name
  # can differ from local time.
  # NOTE(review): these archives hold a copy of the system log; check the
  # mode they are created with and restrict /logstash-test if the source log
  # is not meant to be world-readable.
  file {
    gzip => true
    path => "/logstash-test/%{+YYYY-MM-dd-HH}.messages.gz"
  }

  # Elasticsearch output, currently disabled.
  # NOTE(review): as written it would send events over plain HTTP - confirm
  # transport security and authentication before enabling it.
  # elasticsearch {
  #   hosts => "10.10.0.200"
  #   protocol => "http"
  #   index => "system-messages-%{+YYYY-MM-dd}"
  # }
}
[root@node conf.d]#
创建目录和授权
[root@node conf.d]# mkdir /logstash-test
[root@node conf.d]# chown logstash.logstash /logstash-test
[root@node conf.d]# chown logstash.logstash /var/log/messages
尝试写入:
[root@node conf.d]# cat /etc/sysconfig/network-scripts/ifcfg-eth1 >> /var/log/messages
查看
[root@node conf.d]# ll /logstash-test/
total 8
-rw-r--r-- 1 logstash logstash 126 Mar 8 07:51 2016-03-08-15.messages.gz
-rw-r--r-- 1 logstash logstash 431 Mar 8 07:50 2016-03-08.messages.gz
[root@node conf.d]#
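关于权限:如果不修改 /var/log/messages 的权限,Logstash 会报下面的 Permission denied 警告。修改属主之后系统日志是否还能正常写入,我没有验证(rsyslog 通常以 root 运行,一般不受属主变化影响,但请以实际环境为准)。需要注意,把系统日志的属主改为 logstash 会让该账号同时获得写权限,而 Logstash 只需要读取;更稳妥的做法是只授予读权限,例如 `setfacl -m u:logstash:r /var/log/messages`,并确认日志轮转后授权仍然有效。如果你觉得有不妥之处,请告知我,谢谢!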
{:timestamp=>"2016-03-08T07:42:00.876000-0800", :message=>"failed to open /var/log/messages: Permission denied - /var/log/messages", :level=>:warn}
{:timestamp=>"2016-03-08T07:43:14.534000-0800", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}